PT-2019-14846 · Ubiquiti · Edgemax

Grampae · Published 2019-09-25 · Updated 2020-08-24 · CVE-2019-16889

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Ubiquiti EdgeMAX devices, versions prior to 2.0.3

Description: The issue allows remote attackers to cause a denial of service through disk consumption. It occurs when a payload of valid length (249 characters or fewer) is supplied in the beaker.session.id cookie in the header of a GET request, which causes a *.cache file to be created in /var/run/beaker/container file/. An attacker can exploit this with a long series of unique session IDs.

Recommendations: For versions prior to 2.0.3, update to version 2.0.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the beaker.session.id cookie to minimize the risk of exploitation.
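As an added example, not part of this advisory or of the vendor's code: a small Python check a defender could run over web request records to spot the pattern described above, a single client presenting many distinct beaker.session.id values, each of which would create a cache file on a vulnerable device. The request records are constructed, and the 32-hex-character well-formed-ID check is an assumption about Beaker's default ID format, not something stated in the advisory.

```python
"""Added example (not from the advisory): flag clients presenting a burst of
distinct beaker.session.id values, the traffic pattern behind CVE-2019-16889."""
import re
from collections import defaultdict

# Assumption: a well-formed Beaker session ID is 32 lowercase hex characters.
SESSION_ID_RE = re.compile(r"^[0-9a-f]{32}$")
# Per the advisory, the vulnerable firmware accepts payloads of 249 chars or fewer.
MAX_ACCEPTED_LEN = 249


def extract_session_id(cookie_header):
    """Return the beaker.session.id value from a Cookie header, or None."""
    for part in cookie_header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name == "beaker.session.id":
            return value
    return None


def is_well_formed(session_id):
    """True if the ID matches the assumed Beaker format (see SESSION_ID_RE)."""
    return bool(SESSION_ID_RE.match(session_id))


def flag_clients(records, threshold=20):
    """records: iterable of (client_ip, cookie_header) pairs.

    Each distinct ID the device accepts (length <= 249) creates one *.cache
    file, so one client with many distinct IDs is the signal to alert on.
    Returns {client_ip: distinct_id_count} for clients above the threshold.
    """
    distinct = defaultdict(set)
    for ip, cookie in records:
        sid = extract_session_id(cookie)
        if sid is not None and len(sid) <= MAX_ACCEPTED_LEN:
            distinct[ip].add(sid)
    return {ip: len(ids) for ip, ids in distinct.items() if len(ids) > threshold}


# Constructed sample: one client reusing its cookie normally, one client
# rotating a fresh well-formed ID on every request.
SAMPLE = [("10.0.0.5", "beaker.session.id=" + "a" * 32)] * 5
SAMPLE += [("10.0.0.9", f"beaker.session.id={i:032x}") for i in range(60)]

if __name__ == "__main__":
    for ip, count in flag_clients(SAMPLE).items():
        print(f"{ip}: {count} distinct session IDs")
```

The distinct-ID count is the primary signal, since well-formed unique IDs exhaust disk just as effectively as garbage ones; the format check only lets a front-end reject values that could never be a legitimate Beaker ID.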

Weakness Enumeration

Allocation of Resources Without Limits

Related Identifiers

CVE-2019-16889

Affected Products

Edgemax